7867 – Printer driver migration using net(8) ends with "Segmentation fault"

Bug 7867 - Printer driver migration using net(8) ends with "Segmentation fault"

Summary: Printer driver migration using net(8) ends with "Segmentation fault"

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	Printing (show other bugs)
Version:	unspecified
Hardware:	x64 FreeBSD

Importance:	P3 critical
Target Milestone:	---
Assignee:	Guenther Deschner
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-12-14 08:22 UTC by Joerg Pulz
Modified:	2011-09-05 08:15 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joerg Pulz 2010-12-14 08:22:38 UTC

While trying to migrate some printer drivers from an Windows Server 2008R2 64bit to a samba server 3.5.x/3-6-test the command:
net rpc printer migrate drivers <printer> -U<user> -S<WINSRV> --destination=<SMBSRV>
fails at every try with "Segmantation fault".

The source server has the driver installed for "Windows NT x86" and "Windows x64".
The migration order by net(8) is to first migrate the x86 one and the x64 one last in one step. The segfault occurs right after all x64 files are copied to the destination host.
The problem is the value of "0x40000000" for r->dependent_files, see the backtrace. If i use "env MALLOC_OPTIONS=Z" together with the same net(8) command it doesn't segfault. I somehow didn't managed to find the relevant place in the code.
The only point i found is that the driver is not migrated 1:1.

This is the output of rpcclient -c "enumdrivers 3" for the source server:

Printer Driver Info 3:
        Version: [3]
        Driver Name: [HP Universal Printing PS (v5.0)]
        Architecture: [Windows NT x86]
        Driver Path: [\\WINSRV\print$\W32X86\3\PSCRIPT5.DLL]
        Datafile: [\\WINSRV\print$\W32X86\3\hpcu094s.ppd]
        Configfile: [\\WINSRV\print$\W32X86\3\hpmdp094.dll]
        Helpfile: [\\WINSRV\print$\W32X86\3\PSCRIPT.HLP]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcdmc32.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpbcfgre.DLL]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcpu094.CFG]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcui094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcpe094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcu0945.dem]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmur094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmux094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmpm081.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmpw081.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcls094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcss094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmsn094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmsl094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcsat20.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcur094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcpn094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpmup094.bin]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcsr094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcu094s.hpx]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcst094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcev094.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcu094d.INI]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcu094s.xml]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcsc094.dtd]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpchl094.cab]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\PS5UI.DLL]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\PSCRIPT.NTF]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\PS_SCHM.GDL]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpzfn094.ntf]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\fxcompchannel.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\cioum.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\cioum32.msi]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hppccompio.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpcc3094.DLL]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\HPJobCaps.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\hpfxcomw.dll]
        Dependentfiles: [\\WINSRV\print$\W32X86\3\HPSysObj.dll]
        Monitorname: [(null)]
        Defaultdatatype: [(null)]

This is the output of rpcclient -c "enumdrivers 3" for the destination server (after net rpc printer migrate):

Printer Driver Info 3:
        Version: [3]
        Driver Name: [HP Universal Printing PS (v5.0)]
        Architecture: [Windows NT x86]
        Driver Path: [\\SMBSRV\print$\W32X86\3\PSCRIPT5.DLL]
        Datafile: [\\SMBSRV\print$\W32X86\3\hpcu094s.ppd]
        Configfile: [\\SMBSRV\print$\W32X86\3\hpmdp094.dll]
        Helpfile: [\\SMBSRV\print$\W32X86\3\PSCRIPT.HLP]
        Monitorname: [`\xe5(!\x90\xe6(!\xc0\xe7(!\xf0\xe8(! \xea(!P\xeb(\x80\xec(!\xb0\xed(!\xe0\xee(!^P\xf0(!@\xf1(!p\xf2(!\xa0\xf3(!\xd0\xf4(!]
        Defaultdatatype: [(null)]

As you can see, the output is totally different. All Dependentfiles definitions are completely missing on the destination server and Monitorname should be (null) but shows some character mix.

Somehow it looks like the driver information from the source system is applied to the wrong fields on the destination system  (off by one).

Backtrace:

#0  0x00731aa9 in ndr_push_spoolss_StringArray (ndr=0x211303c0, ndr_flags=3, 
    r=0x40000000) at librpc/gen_ndr/ndr_spoolss.c:8482
#1  0x0044d363 in ndr_size_struct (p=0x40000000, flags=1048576, 
    push=0x7319f0 <ndr_push_spoolss_StringArray>) at ../librpc/ndr/ndr.c:1005
#2  0x007cb9ad in ndr_size_spoolss_StringArray (r=0x40000000, flags=1048576)
    at ../librpc/ndr/ndr_spoolss_buf.c:572
#3  0x007344a3 in ndr_push_spoolss_AddDriverInfo3 (ndr=0x21130350, 
    ndr_flags=3, r=0xbfbfe04c) at librpc/gen_ndr/ndr_spoolss.c:8821
#4  0x00746863 in ndr_push_spoolss_AddDriverInfo (ndr=0x21130350, ndr_flags=2, 
    r=0xbfbfdf64) at librpc/gen_ndr/ndr_spoolss.c:10698
#5  0x00747c0a in ndr_push_spoolss_AddDriverInfoCtr (ndr=0x21130350, 
    ndr_flags=3, r=0xbfbfdf60) at librpc/gen_ndr/ndr_spoolss.c:10948
#6  0x00787cb0 in ndr_push_spoolss_AddPrinterDriver (ndr=0x21130350, flags=1, 
    r=0xbfbfded4) at librpc/gen_ndr/ndr_spoolss.c:22647
#7  0x00480605 in dcerpc_binding_handle_call_send (mem_ctx=0x211032b0, 
    ev=0x21130120, h=0x2110b7c0, object=0x0, table=0xa91600, opnum=9, 
    r_mem=0x21103280, r_ptr=0xbfbfded4) at ../librpc/rpc/binding_handle.c:326
#8  0x00480bc6 in dcerpc_binding_handle_call (h=0x2110b7c0, object=0x0, 
    table=0xa91600, opnum=9, r_mem=0x21103280, r_ptr=0xbfbfded4)
    at ../librpc/rpc/binding_handle.c:473
#9  0x0011abf5 in dcerpc_spoolss_AddPrinterDriver_r (h=0x2110b7c0, 
    mem_ctx=0x21103280, r=0xbfbfded4) at librpc/gen_ndr/ndr_spoolss_c.c:2256
#10 0x0011afa7 in dcerpc_spoolss_AddPrinterDriver (h=0x2110b7c0,
    mem_ctx=0x21103280, _servername=0x211537b0 "\\\\SMBSRV", 
    _info_ctr=0xbfbfdf60, result=0xbfbfdf20)
    at librpc/gen_ndr/ndr_spoolss_c.c:2390
#11 0x001095ac in rpccli_spoolss_AddPrinterDriver (cli=0x2112d430, 
    mem_ctx=0x21103280, _servername=0x211537b0 "\\\\SMBSRV", 
    _info_ctr=0xbfbfdf60, werror=0xbfbfdf6c)
    at librpc/gen_ndr/cli_spoolss.c:1276
#12 0x000dbf97 in net_spoolss_addprinterdriver (pipe_hnd=0x2112d430, 
    mem_ctx=0x21103280, level=3, info=0xbfbfe04c)
    at utils/net_rpc_printer.c:1053
#13 0x000ddb01 in rpc_printer_migrate_drivers_internals (c=0x21104070, 
    domain_sid=0x2112d3b0, domain_name=0x2112bdd0 "DOMAIN", cli=0x21154030, 
    pipe_hnd=0x2112d330, mem_ctx=0x21103280, argc=1, argv=0x211030b4)
    at utils/net_rpc_printer.c:1942
#14 0x000c0cff in run_rpc_command (c=0x21104070, cli_arg=0x0, 
    interface=0xa91604, conn_flags=0, 
    fn=0xdd600 <rpc_printer_migrate_drivers_internals>, argc=1, 
    argv=0x211030b4) at utils/net_rpc.c:210
#15 0x000cf43c in rpc_printer_migrate_drivers (c=0x21104070, argc=1, 
    argv=0x211030b4) at utils/net_rpc.c:6700
#16 0x000f18bb in net_run_function (c=0x21104070, argc=2, argv=0x211030b0, 
    whoami=0x8a1a96 "net rpc printer migrate", table=0xbfbfe248)
    at utils/net_util.c:585
#17 0x000cf7b3 in rpc_printer_migrate (c=0x21104070, argc=2, argv=0x211030b0)
    at utils/net_rpc.c:6902
#18 0x000f18bb in net_run_function (c=0x21104070, argc=3, argv=0x211030ac, 
    whoami=0x8a249b "net rpc printer", table=0xbfbfe350)
    at utils/net_util.c:585
#19 0x000cfe4a in net_rpc_printer (c=0x21104070, argc=3, argv=0x211030ac)
    at utils/net_rpc.c:7235
#20 0x000f18bb in net_run_function (c=0x21104070, argc=4, argv=0x211030a8, 
    whoami=0x8a2bfe "net rpc", table=0xbfbfe424) at utils/net_util.c:585
#21 0x000cff5a in net_rpc (c=0x21104070, argc=4, argv=0x211030a8)
    at utils/net_rpc.c:7445
#22 0x000f18bb in net_run_function (c=0x21104070, argc=5, argv=0x211030a4, 
    whoami=0x898432 "net", table=0xa7a480) at utils/net_util.c:585
#23 0x000b75a0 in main (argc=11, argv=0xbfbfebb8) at utils/net.c:933

Comment 1 Andreas Schneider 2011-05-11 16:40:57 UTC

Thanks for taking the time and reporting this bug. We think that this has already been fixed. Could you test this with 3.6-pre3?

Comment 2 Andreas Schneider 2011-09-05 08:15:47 UTC

Closing as fixed.